Deploying privacy policy in a network environment

ABSTRACT

An authoring application enables an administrative user to generate, validate, and deploy one or more privacy notices and legal notices in web pages that may be retrieved by a client user via a web browser. Two or more of the privacy notices generated by the authoring application may be deployed in a web page, and may be selectively presented to the client user via the web browser in accordance with the notification setting selected at the web browser. Two or more of the legal notices generated by the authoring application may be deployed in the web page or in a second web page. The legal notices may be selectively presented to the client user via the web browser in accordance with the notification setting.

BACKGROUND

Owners and operators of websites may present privacy notices and legalnotices to client users who interact with web pages associated withtheir websites. The privacy notices may specify how the owner oroperator of the website may use personal information of the client userthat was acquired through the client user's interaction with thewebsite. The legal notices may create a legally binding agreement orcontract between the client user and the website owner or operator.Furthermore, some legal notices may include a privacy notice component.On one hand, owners and operators may seek to present both privacynotices and legal notices to their client users that are consistentacross a given website or at least provide a coherent privacy policy,while client users may seek to achieve a better understanding of theprivacy policy embodied in these privacy notices and legal notices.

SUMMARY

An approach for presenting a web page to a client user via a web browseris described. As one example, a user preference specifying anotification setting may be received from the client user at the webbrowser. The notification setting may cause the web browser, uponretrieving a web page, to present one or more of a privacy notice or alegal notice to the client user. The particular way in which the privacynotice and the legal notice are presented to the client user may bevaried based on the notification setting specified by the userpreference.

Furthermore, an authoring application is presented that enables anadministrative user to generate, validate, and deploy privacy noticesand legal notices in web pages that may be retrieved by the client uservia the web browser. Two or more of the privacy notices and the legalnotices generated by the authoring application may be deployed in acommon web page, and may be selectively presented to the client user inaccordance with the notification setting at the web browser.

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter. Furthermore,the claimed subject matter is not limited to implementations that solveany or all disadvantages noted in any part of this disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example network system.

FIG. 2 illustrates an example process flow depicting how a web page maybe presented at a web browser in accordance with a user preference.

FIGS. 3 and 4 illustrate example graphical user interfaces of a webbrowser.

FIGS. 5-8 depict example data structures of privacy notices describedherein.

FIGS. 9-10 illustrate example process flows for varying the privacynotice or legal notice rendered by the web browser responsive to anotification setting at the web browser.

FIGS. 11-13 illustrate example process flows for specifying, generating,and deploying privacy notice and legal notice in web pages that may beretrieved by a client user.

FIG. 14 depicts an example data structure of a specification document.

FIGS. 15 and 16 depict example data structures of legal noticesdescribed herein.

DETAILED DESCRIPTION

FIG. 1 illustrates an example network system 100. A client system 110may communicate with a web server 130 via a network 140. Network 140 mayinclude one or more of a wide area network (WAN) (e.g., the Internet)and a local area network (LAN) (e.g., an intranet). As one example,client system 110 may request web pages from web server 130 via network140. Web server 130 may return web pages to client system 110 vianetwork 140, which may be rendered by a web browser 114.

Client system 110 may include a computer readable storage media 112comprising instructions executable by a processing subsystem 128. Theseinstructions may include a web browser 114. Web browser 114 may includea control module 116, which may be configured to receive userpreferences 118 from a client user via web browser controls 124. Webbrowser controls 124 may be presented to the client user via a graphicaluser interface 122.

Web server 130 may include a collection of web pages 132 accessible toand retrievable by client system 110 via network 140. The collection ofweb pages 132 may be referred to collectively as a web site. As anon-limiting example, a web page 134 of the collection of web pages maybe retrieved by client system 110 from web server 130, where a renderedportion of web page 134 may be presented to the client user viagraphical user interface 122. Web page 134 may comprise one or morefiles including instructions, which may be interpreted by web browser114 and executed by processing subsystem 128. These instructions may bespecified by HTML, CSS, and/or other suitable languages.

Web page 134 may include one or more privacy notices and/or legalnotices. As a non-limiting example, web page 134 may include acollection of privacy notices 150 and a collection of legal notices 154in addition to web page content 158. These different privacy notices andlegal notices may supplement each other and collectively form a coherentprivacy policy. As described in greater detail with reference to FIGS.2-10, web browser 114 may be configured to present a select privacynotice of the collection of privacy notices 150 to the client user viagraphical user interface 122 based on a user preference. For example, afirst privacy notice 151 may be rendered by the web browser where it maybe presented to the client user via the graphical user interface.Furthermore, web browser 114 may be configured to present a select legalnotice of the collection of legal notices 154 to the client user viagraphical user interface 122. For example, a first legal notice 155 maybe rendered by the web browser where it may be presented to the clientuser via the graphical user interface. Web page content 158 may also bepresented to the client user via the graphical user interface.

A web page may include any suitable number of different privacy noticesand different legal notices. As a non-limiting example, first privacynotice 151, a second privacy notice 152, and a third privacy notice 153of the collection of privacy notices 150 may each include a differentprivacy statement associated with the web page and web site of which theweb page is a member. For example, the privacy statement of each privacynotice may include one or more of a P3P compact privacy statement, a P3Plong form privacy statement, a layered privacy statement, and a longform privacy statement, among other suitable privacy statements. Legalnotice 154, a legal notice 155, and a legal notice 156 of the collectionof legal notices may each include a different service agreementassociated with the web page and the web site. The service agreement mayinclude or specify terms of use that the client user accepts uponretrieving and interacting with the web page or related web pages of thewebsite.

FIG. 2 illustrates an example process flow depicting how web page 134may be retrieved by the client system and presented to the client userby the web browser in accordance with a user preference. At 210, a firstuser preference may be received from the client user at the web browser.The first user preference may specify a first notification setting.Referring also to FIG. 3, as a non-limiting example, the client user mayselect the first notification setting (NS_1) from a menu 310 of webbrowser controls 124. The first notification setting in this example isconfigured to cause first privacy notice 151 of the collection ofprivacy notices 150 to be presented to the client user upon rendering ofthe web page by the web browser.

At 212 of FIG. 2, the client user may request web browser 114 toretrieve web page 134 from web server 130. For example, the client usermay submit a URL address to the web browser or select a hyperlink via aselector tool of the graphical user interface. At 214, web browser 114may submit a web page request specifying web page 134 to web server 130via network 140. As a non-limiting example, web browser 114 may submitthe web page request utilizing HTTP or other suitable protocol.

At 216, web server 130 may return web page 134 specified by the web pagerequest to client system 110 via network 140. For example, web page 134may include instructions executable by processing subsystem 128, whichcauses web browser 114 to render select portions of web page 134 uponreceiving web page 134 at the client system. Referring again to FIG. 3,first privacy notice 151 and the first legal notice 155 may be renderedby the web browser when the user preference specifies the firstnotification setting NS_1, whereby the first privacy notice and thefirst legal notice may be presented to the client user via the graphicaluser interface.

At 218, a second user preference may be received from the client user atthe web browser. The second user preference may specify a secondnotification setting. Referring also to FIG. 4, as a non-limitingexample, the client user may select the second notification setting(NS_2) from menu 310 of web browser controls 124. The secondnotification setting, in contrast to the first notification setting, maybe configured to cause the second privacy notice 152 to be presented tothe client user via the graphical user interface upon rendering of theweb page by the web browser. As such, the notification setting selectedby the client user may be one of a plurality of notification settingsthat may be presented to the client user via a menu of the graphicaluser interface of the web browser.

As a non-limiting example, the first notification setting may berepresentative of a novice client user setting and the secondnotification setting may be representative of an advanced client usersetting. For example, the first privacy notice selectable by the firstnotification setting may include more educational content than thesecond privacy notice which may be presented upon selection of thesecond notification setting. In some embodiments, the web browser maydefault or initially set the user preference to specify the firstnotification setting before receiving a user preference at the webbrowser from the client user.

At 220, the client user may once again request web browser 114 toretrieve web page 134 from web server 130. At 222, web browser 114 maysubmit a web page request specifying web page 134 to web server 130 vianetwork 140. At 224, web server 130 may return web page 134 specified bythe web page request to client system 110 via network 140. Web browser114 upon receiving web page 134 may cause processing subsystem 128 toexecute instructions specified by web page 134 in accordance with thesecond notification setting. For example, referring to FIG. 4, secondprivacy notice 152 and second legal notice 156 may be rendered by theweb browser when the user preference specifies the second notificationsetting NS_2, whereby the second privacy notice and the second legalnotice may be presented to the client user via the graphical userinterface.

FIGS. 5-8 schematically depict how these privacy notices may differ fromeach other. As shown in FIG. 5, first privacy notice 151 may includecontent represented by a collection of assets (e.g., ASSET_1-ASSET_8) asspecified by the web page (e.g., web page 134). Each of these assets mayinclude a corresponding value (e.g., VALUE_1-VALUE_8), which may berendered by the web browser and presented to the client user via thegraphical user interface.

FIGS. 6 and 7 show different examples of second privacy notice 152. FIG.6 depicts the second privacy notice including content represented by acollection of assets (e.g., ASSET_1-ASSET_3) and correspondingcollection of values (e.g., VALUE_1-VALUE_3) which may be rendered bythe web browser and presented to the client user via the graphical userinterface. FIG. 7 shows an alternative example of the second privacynotice including content represented by a collection of assets (e.g.,ASSET_1-ASSET_3, ASSET_9, and ASSET_10) and corresponding collection ofvalues (e.g., VALUE_1-VALUE_3, VALUE_9, and VALUE_10) which may also berendered by the web browser and presented to the client user via thegraphical user interface.

These assets may include different classes of content, including text,hyperlinks, images, and videos. The value corresponding to each assetmay represent the content to be rendered by the web browser, such astext to be presented to the client user via the graphical userinterface, object source and destination anchors associated with ahyperlink to be presented to the client user, image content, and videocontent, etc. As such, the first privacy notice may include differentcontent than the second privacy notice. Similarly, as shown in FIGS. 15and 16, first legal notice 155 may include different content than secondlegal notice 156.

In some embodiments, first privacy notice 151 and second privacy notice152 may share some of the same content as demonstrated by the examplesshown in FIGS. 5 and 6. For example, the first privacy notice and thesecond privacy notice may each include ASSET_1-ASSET_3 and correspondingVALUE_1-VALUE_3. In some embodiments, the second privacy notice mayrepresent a truncated version of the first privacy notice. For example,the first privacy notice may include the second privacy notice andadditional content supplementing the second privacy notice (e.g.,VALUE_9 and VALUE_10). In some examples, the content supplementing thesecond privacy notice may include content further explaining the secondprivacy notice.

In other embodiments, the second privacy notice may include content thatis not present in the first privacy notice, and the first privacy noticemay include content that is not present in the second privacy notice.For example, first privacy notice 151 may include ASSET_4-ASSET_8 andcorresponding VALUE_4-VALUE_8, which are not present in second privacynotice 152. Second privacy notice 152 may include ASSET_9 and ASSET_10and corresponding VALUE_9 and VALUE 10, which are not present in firstprivacy notice 151.

Referring again to FIGS. 3 and 4, when the first user preferencespecifying the first notification setting NS_1 is received by the webbrowser, the web browser causes the first privacy notice 151 to bepresented to the client user via the graphical user interface. However,when the second user preference specifying the second notificationsetting NS_2 is received by the web browser, the web browser causessecond privacy notice 152 to be presented to the client user via thegraphical user interface.

In some embodiments, the web browser may present only two notificationsettings that may be selected by the client user. In other embodiments,such as shown in FIGS. 3 and 4, the web browser may present three ormore notification settings that may be selected by the client user. FIG.8 shows an example of third privacy notice 153 that may be presented tothe client user when the privacy preference specifying a thirdnotification setting NS_3 is received at the web browser. As anon-limiting example, third privacy notice 153 may be configured not topresent privacy policy content to the client user via the graphical userinterface. Thus, in this example, ASSET_1 includes a corresponding NULLvalue which may cause the web browser not to render the third privacynotice. In other words, notification setting NS_3 may be selected by theclient user to cause web browser 114 not to display the third privacynotice via the graphical user interface. In this way, a client user maytailor the user experience provided by the web browser with respect tothe presentation of privacy notices.

While FIGS. 5-8 have been described with respect to privacy notices, asimilar approach may be applied to legal notices. For example, referringagain to FIGS. 3 and 4, when the user preference specifying the firstnotification setting NS_1 is received by the web browser, the webbrowser may cause first legal notice 155 to be presented to the clientuser via the graphical user interface. When the user preferencespecifying the second notification setting NS_2 is received by the webbrowser, the web browser may cause second legal notice 156 to bepresented to the client user via the graphical user interface. Firstlegal notice 155 and second legal notice 156 may include differentcontent as previously described with respect to the privacy notices andas shown in FIGS. 15 and 16. For example, the first legal notice mayinclude the second legal notice and further include contentsupplementing the second legal notice. In other examples, the firstlegal notice may include content not present in the second legal notice,while the second legal notice may include content not present in thefirst legal notice.

In some embodiments, the number of selectable notification settings thatare presented to the client user may be specified by the web page. Forexample, the web browser may be configured to execute instructionsspecified by the web page to cause a specified number of notificationsettings to be presented to the client user for selection. Each of thenotification settings can include a corresponding privacy notice and/orlegal notice that may be rendered by the web browser upon selection ofthe notification setting.

FIG. 9 illustrates an example process flow for varying the privacynotice and legal notice that are rendered by the web browser andpresented to the client user. At 910, a user preference may be receivedat the web browser specifying a notification setting. At 912, the webpage, including one or more of the privacy notice and the legal notice,may be presented to the client user via the graphical user interface ofthe web browser. At 914, one or more of the privacy notice and the legalnotice presented to the client user may be varied responsive to thenotification setting specified by the user preference. For example, theweb browser may be configured to render the privacy notice in accordancewith the selected notification setting.

In some embodiments, varying the privacy notice may include adjusting anamount of the privacy notice that is presented to the client user viathe graphical user interface of the web browser. Similarly, varying thelegal notice may include adjusting an amount of the legal notice that ispresented to the client user via the graphical user interface.

In some embodiments, varying the privacy notice may include adjustingcontent of the privacy notice that is presented to the client user viathe graphical user interface responsive to the notification setting.Similarly, varying the legal notice may include adjusting content of thelegal notice that is presented to the client user via the graphical userinterface. In some examples, the content may include text; and adjustingthe content of the privacy notice or the legal notice may includeadjusting an amount of the text presented to the client user via thegraphical user interface. In some examples, the content may include ahyperlink; and adjusting the content of the privacy notice or the legalnotice may include adjusting a destination anchor of a hyperlinkpresented to the client user via the graphical user interface. In someexamples, the destination anchor of the hyperlink may specify anotherprivacy notice or legal notice of the website or web page.

In some embodiments, the privacy notice or the legal notice presentedvia the graphical user interface may be varied responsive to thenotification setting by rendering a first portion of the privacy noticeat the graphical user interface when a first notification setting of theplurality of notification settings is specified by the user preferenceand by rendering a second portion of the privacy notice at the graphicaluser interface when the second notification setting of the plurality ofnotification settings is specified by the user preference.

FIG. 10 illustrates an example process flow for rendering one of two ormore privacy notices specified by a web page. It should be appreciatedthat the process flow of FIG. 10 is also applicable for rendering one oftwo or more legal notices specified by a web page as illustrated inFIGS. 2 and 3. At 1010, the notification setting specified by the userpreference may be identified by the web browser. At 1012, it may bejudged whether the user preference specifies the first notificationsetting. If the answer at 1012 is judged yes, the process flow mayproceed to 1014. Alternatively, if the answer at 1012 is judged no, theprocess flow may proceed to 1016. At 1014, the first privacy notice maybe rendered by the web browser at the graphical user interface where thefirst privacy notice may be presented to the client user. Alternatively,at 1016, the second privacy notice may be rendered by the web browser atthe graphical user interface where the second privacy notice may bepresented to the client user. In this way, the client user may selectwhich of the different privacy notices of a web page are presented viathe graphical user interface. As previously described, these differentprivacy notices may supplement each other and collectively form acoherent privacy policy.

Referring once again to FIG. 1, the collection of privacy notices andthe collection of legal notices previously described in the context ofuser preference control may be deployed in one or more of web pages 132that are retrievable by the client user via the web browser. Forexample, in the previous examples, web page 134 included or specified acollection of privacy notices including two or more different privacynotices and a collection of legal notices including two or more legalnotices. It should be appreciated that in other examples, the collectionof privacy notices may be deployed in a first web page, while thecollection of legal notices may be deployed in a second web page.

FIG. 1 further illustrates an administrative system 160 that may beoperated by an administrative user via an administrative interface 162to generate, validate, and deploy one or more of the previouslydescribed privacy notices and legal notices. Administrative system 160may include a computer readable storage media 164 comprisinginstructions executable by a processing subsystem 169. Theseinstructions when executed by the processing subsystem 169 may providean authoring application 166, including one or more of a specificationmodule 168, a localization module 172, and a validation module 176.

Specification module 168 may include a specification tool 170.Specification tool 170 may be used by the administrative user togenerate specification documents. These specification documents may bein turn used by the localization module to generate privacy notices andlegal notices that may be deployed in a web page. Localization module172 may include a localization tool 174. Localization tool 174 may beused by the administrative user to generate a collection of privacynotices and a collection of legal notices from specification documentsgenerated by the specification module. Validation module 176 may includea validation tool 178. Validation tool 178 may be used by theadministrative user to review and validate each of the privacy noticesand legal notices that are generated by the localization module beforethese privacy notices and legal notices are deployed in web pages thatmay be retrieved by the client user.

Administrative interface 162 may include an interface view 167.Interface view 167 may be used by the administrative user to interactwith the specification tool, the localization tool, and the validationtool as described herein. As a non-limiting example, interface view 167may include a graphical user interface. In some embodiments, theinterface view may be exposed to the administrative user via a webbrowser or other suitable software application.

FIG. 11 illustrates an example process flow for deploying privacynotices and legal notices in web pages retrievable by the client user.At 1110 the authoring application may prompt the administrative user tosubmit specified content to the specification tool. In some examples,the client user may be prompted via the administrative interface. Thespecified content may include assets and corresponding values that mayform constituent components of the privacy notices and legal notices. Aspreviously described, these assets may include text, hyperlinks, images,and video that may be utilized by the authoring application to generateprivacy notices and legal notices that may be eventually deployed in oneor more web pages that may be presented to the client user. In someembodiments, the administrative user may be prompted with a wizardapplication or a web form presented to the administrative user viainterface view 167. As a non-limiting example, the wizard application orthe web form may specify the assets to be utilized by each of theprivacy notices and legal notices, whereby the administrative user maybe prompted to submit respective values corresponding to the assets asthe specified content.

At 1112, the authoring application may generate a specification documentat the specification tool using the specified content submitted by theadministrative user. In some embodiments, the specification documentgenerated at 1112 may be stored at data store 190 as indicated at 192,where it may be later retrieved by the localization module to generateprivacy notices and legal notices. The specification document may beused by the localization module to generate one or more privacy noticesand/or legal notices. As a non-limiting example, the specificationdocument may include all of the constituent components of the variousprivacy notices and legal notices that may be generated from thespecification document. FIG. 14 shows a schematic depiction of a datastructure for an example specification document that may be used togenerate first privacy notice 151, second privacy notice 152, as well asfirst legal notice 155 and second legal notice 156 depicted by FIGS. 15and 16.

The specification document may further specify which assets and valuesmay be associated with each privacy notice and legal notice. Forexample, FIG. 14 shows how the specification document may include alocalization schema that maps the assets and values of the specifiedcontent to the privacy notices and legal notices that may be generatedfrom the specification document. As shown in FIG. 14, each of firstprivacy notice 151, second privacy notice 152, first legal notice 155,and second legal notice 156 are represented in the localization schemacolumn and correspond to the examples depicted in FIGS. 5, 7, 15, and16.

At 1114, the authoring application may optionally receive a localizationdirective from the administrative user at the localization tool. Thelocalization directive may cause the localization tool to vary thelocalization schema of the specification document according to thelocalization directive. In this way, the administrative user may selectwhich privacy notices and legal notices are generated from thespecification document, as well as the assets and corresponding valuesassociated with each of the privacy notices and legal notices.

At 1116, the authoring application may generate a collection of privacynotices and a collection of legal notices at a localization tool usingthe specification document in accordance with the localization schema.As one example, the localization module may retrieve the specificationdocument generated at 1112 from data store 190. The localization toolmay be configured to populate any suitable document with the assets andvalues specified by the specification document to generate the privacynotices and legal notices.

As a non-limiting example, the localization tool may be configured togenerate each of the privacy notices and legal notices as separate webpages that may be retrieved by the web browser of the client user tocause the privacy notice or legal notice to be displayed to the clientuser via the graphical user interface. In other embodiments, thelocalization tool may be configured to generate two or more privacynotices and legal notices as a single web page. For example, aspreviously described with reference to FIGS. 9 and 10, web page 134 mayinclude a collection of privacy notices and/or legal notices that may bepresented to the client user in accordance with the notification settingat the web browser. It should be appreciated that the localizationmodule may be configured to generate any suitable document, includingdocuments incorporating html, xml, aspx, etc.

Furthermore, the privacy notices generated by the localization modulemay include one or more of a P3P compact privacy statement, a P3P longform privacy statement, a layered privacy statement, a traditional longform statement, among other suitable privacy notices. The legal noticesgenerated by the localization module may include a layered serviceagreement or a long form service agreement specifying terms of use,among other suitable legal notices. In some embodiments, the legalnotice generated by the localization module may include a privacy noticecomponent. As such, it should be appreciated that some of the legalnotices generated by the localization module may incorporate one or moreof the privacy notices described herein.

As a non-limiting example, at 1116, the localization tool may generate acollection of privacy notices 150 and may include at least first privacynotice 151 and the second privacy notice 152. The second privacy noticemay comprise different content than the first privacy notice as depictedin FIGS. 5, 6, and 7, for example. The localization tool may alsogenerate the collection of legal notices 154, including at least legalnotice 155. In some embodiments, the localization module may beconfigured to store the collection of privacy notices and the collectionof legal notices generated by the localization tool at data store 190 asprovisional documents 194 pending approval by the administrative user.

At 1118, the authoring application may present the collection of privacynotices and the collection of legal notices generated via thelocalization tool to the administrative user for approval via theadministrative interface. In some embodiments, the validation tool mayretrieve the collection of privacy notices and the collection of legalnotices from data store 190, in the examples where they were previouslystored as provisional documents 194. In some embodiments, the validationtool may present each of the privacy notices and legal notices generatedby the localization tool to the administrative user via interface view167. In some embodiments, the validation tool may enable theadministrative user to select which privacy notices and legal noticesare presented to the administrative user for review.

At 1120, the authoring application may prompt the administrative user tosubmit a validation response upon presentation of the collection ofprivacy notices and the collection of legal notices to theadministrative user. In some examples, the administrative user may beprompted via the administrative interface and the validation responsemay be submitted at the validation tool. The validation response mayspecify an approval or a denial of the collection of privacy notices andthe collection of legal notices. In some embodiments, the validationtool may prompt the administrative user to submit a single validationresponse specifying an approval or denial of the collection of privacynotices and the collection of legal notices generated by thespecification module. In other embodiments, the validation tool mayprompt the administrative user to submit a first validation responsespecifying an approval or a denial of the collection of privacy noticesand a second validation response specifying an approval or a denial ofthe collection of legal notices. In still other embodiments, as will bedescribed in greater detail with reference to the process flow of FIG.12, the validation tool may prompt the administrative user to submit aseparate validation response for each privacy notice and each legalnotice generated by the localization module, or for each documentgenerated by the localization module in examples where multiple privacynotices and/or legal notices are generated and deployed in a commondocument (e.g., web page).

At 1122, the authoring application may receive the validation responsesubmitted by the administrative user at the validation tool. In someembodiments, upon approval of a privacy notice or a legal notice, thevalidation module may store the privacy notice or the legal notice atthe data store as approved documents 196. At 1124, the collection ofprivacy notices and the collection of legal notices may be deployed inone or more web pages that are retrievable by a client user via the webbrowser only after the validation response specifying the approval hasbeen received at the validation tool.

The privacy notices and the legal notices approved by the administrativeuser may be deployed in web pages 132 retrievable by the client user viaweb browser 114. As a non-limiting example, the privacy notices andlegal notices stored as approved documents 196 at data store 190 may beuploaded to web server 130. For example, one or more of first privacynotice 151, second privacy notice 152, and third privacy notice 153 maybe deployed in web page 134 at web server 130. Further, one or more offirst legal notice 155, second legal notice 156, and third legal notice157 may be deployed in web page 134 at web server 130. In someembodiments, web page 134 may be generated at least in part by thelocalization module as previously described with reference to 1116 ofFIG. 11.

By utilizing the validation tool to approve the privacy notices andlegal notices, the client user may only retrieve the web page includingthe privacy notice or legal notice after the administrative user hasapproved the privacy notice or legal notice. For example, the clientuser may retrieve the web page including at least the first privacynotice and the second privacy notice via the web browser only when thevalidation response specifies the approval of the collection of privacynotices; and the client user may be permitted to access the web pageincluding at least the first legal notice via the web browser only whenthe validation response specifies the approval of the collection ofthese legal notices.

As previously described with reference to operations 1118-1124, theauthoring application may be configured to prompt the administrativeuser for approval of one or more privacy notices and legal notices. FIG.12 illustrates a non-limiting example the process flow from theperspective of first privacy notice 151. It should be appreciated thatthe process flow of FIG. 12 may be similarly applied to other privacynotices or legal notices.

At 1210, the first privacy notice may be presented to the administrativeuser for approval via the administrative interface, for example, aspreviously described with reference to 1118. As a non-limiting example,the first privacy notice may be presented to the administrative user byrendering the first privacy notice via interface view 167 in a similarmanner as may be rendered by web browser 114 at graphical user interface122. In this way, the administrative user may view the privacy notice asmay be viewed by the client user.

At 1212, a validation response may be received from the administrativeuser at the validation tool for the first privacy notice presented tothe administrative user at 1210. For example, the validation responsemay be submitted to the administrative system via the administrativeinterface. The validation response received at 1212 may specify anapproval or a denial of the first privacy notice presented to theadministrative user at 1210.

At 1214, it may be judged whether the validation response received at1212 specifies the approval. If the answer at 1214 is judged yes, theprocess flow may proceed to 1216. At 1216, the validation module maypermit the deployment of the first privacy notice in a web pageretrievable by the client user; and the client user may be permitted toretrieve the web page including the first privacy notice via the webbrowser. For example, first privacy notice 151 may be deployed in webpage 134 at web server 130. In some embodiments, the validation modulemay be configured to store the first privacy notice at the data store asapproved documents 196 upon receiving the validation response specifyingthe approval of the first privacy notice.

Alternatively, if the answer at 1214 is judged no (i.e., the validationresponse has not yet been received from the administrative user or thevalidation response specifies the denial), the process flow may proceedto 1218. At 1218, the validation module does not permit the deploymentof the first privacy notice in a web page retrievable by the clientuser; and the client user is not permitted to retrieve the web pageincluding the first privacy notice. In this way, in at least someembodiments, the first privacy notice may be presented to the clientuser only after the first privacy notice has been approved by theadministrative user via the validation tool.

FIG. 13 illustrates an example process flow for managing multipleversions of a privacy notice or a legal notice. At 1310, thespecification module may generate a previous version of the privacynotice using the specification document at the localization tool, forexample, as previously described with reference to 1116 of FIG. 11. At1312, the previous version of the privacy notice may be deployed in aweb page retrievable by the client user as previously described at 1124of FIG. 11.

At 1314, the authoring application may receive a content updatesubmitted by the administrative user at the specification tool. As oneexample, the specification tool may be configured to retrieve thespecification document used to generate the previous version of theprivacy notice from data store 190 as stored at specification documents192.

At 1316, the authoring application may update the specification documentthat generated the previous version of the privacy notice via thespecification tool responsive to the content update received at 1314. Insome examples, the content update may include new assets that were notpresent in the specification document. In some examples, the contentupdate may include updated values for assets that were present in thespecification document.

At 1318, the specification tool may generate an updated version of theprivacy notice using the specification document after updating thespecification document with the content update and before comparing theupdated version to the previous version at the validation tool as willbe described at 1320. The updated version of the privacy notice may bethe same as or different than the previous version of the privacy noticedepending on whether the content update affected assets or values thatare used to generate the privacy notice.

For example, FIG. 14 shows specified content that may be used by thespecification tool to generate the collection of privacy notices and thecollection of legal notices. If ASSET_10 and corresponding VALUE_10 wereadded with the content update, then first privacy notice 151 shown inFIG. 5 would not be affected by the content update. However, secondprivacy notice 152 shown in FIG. 7 would be updated with the contentupdate. As such, the updated version of the second privacy notice wouldbe different than the previous version of the second privacy notice,whereas the updated version of the first privacy notice would be thesame as the previous version of the first privacy notice in thisparticular example.

At 1320, the authoring application may compare the updated version ofthe privacy notice to the previous version of the privacy notice at thevalidation tool to identify a difference between the updated version andthe previous version. As a non-limiting example, the validation tool maybe configured to identify assets that have been added to or removed fromthe specification document with the content update as well ascorresponding values that have been changed with the content update.

At 1322, the validation module may present the difference between theupdated version and the previous version to the administrative user viathe administrative interface. For example, the validation module maypresent assets that have been added or removed from the specificationdocument with the content update and may present values that have beenchanged at the specification document with the content update. As anon-limiting example, the validation module may present the differenceas: “A ‘ASSET_10’ has been added to the privacy statement as‘VALUE_10’.” As another example, the validation module may present thedifference as: “The ‘ASSET_10’ has been removed from the terms of use,which previously included ‘VALUE_10’.” As yet another example, thevalidation module may present the difference as: “The ‘ASSET_10’ of theterms of use has been change from ‘ASSET_(—)10’ to ‘ASSET_11’.”

At 1324, the validation tool may prompt the administrative user tosubmit a validation response to the validation tool upon presentation ofthe difference between the updated version and the previous version tothe administrative user. As one example, the validation response mayspecify an approval or a denial of the updated version. At 1326, theauthoring application may receive the validation response from theadministrative user at the validation tool.

At 1328, the validation module may judge whether the validation responsereceived at the validation tool specifies an approval of the privacynotice. If the answer at 1328 is judged yes, the process flow mayproceed to 1330. At 1330, the updated version of the privacy notice maybe deployed in a web page retrievable by the client user when thevalidation response specifies the approval of the updated version of theprivacy notice. For example, with regards to first privacy notice 151,the updated version of the first privacy notice may be deployed in webpage 134 upon approval by the administrative user. It should beappreciated that the process flow of FIG. 13 may be similarly applied tolegal notices. For example, with regards to first legal notice 155, theupdated version of the first legal notice may be deployed in web page134 upon approval by the administrative user. In some embodiments, thevalidation tool may be configured to store the updated version of theprivacy notice or the legal notice at the data store as approveddocuments 196. Thus, in at least some embodiments, the validationauthoring application may deploy the updated version of the privacynotice in a web page retrievable by the client user only when thevalidation response specifies the approval of the updated version of theprivacy notice.

In some embodiments, deploying the updated version of the privacy noticein the web page may further include deploying the difference between theupdated version and the previous version identified at 1320 in the webpage retrievable by the client user. For example, the web page may beconfigured to cause the web browser to present the updated version ofthe privacy notice (or legal notice) and the difference between theupdated version and the previous version to the client user via thegraphical user interface of the web browser. In this way, the clientuser may be notified of a change in the privacy policy of the web pageor web site associated with the web page when presented with the updatedversion of the privacy notice. It should be appreciated that a similarapproach may be applied to notify the client user of differences betweenan updated version of a legal notice and a previous version of the legalnotice.

Alternatively, if the answer at 1328 is judged no, the process flow mayproceed to 1332. At 1332, the previous version of the privacy notice maybe deployed in a web page retrievable by the client user when thevalidation response specifies the denial of the updated version of theprivacy notice. Where the previous version of the privacy notice hasbeen already deployed in the web page, for example, as described at1312, then the process flow may end. In this way, the client user may bepermitted to retrieve a web page including the updated privacy notice orupdated legal notice only after approval is received at the validationtool from the administrative user.

It should be appreciated that the process flows of FIGS. 2 and 9-12 mayrepresent instructions executable by the processing subsystem of theclient system. It should also be appreciated that the example datastructures depicted by FIGS. 5-8 and 14-16 are merely non-limitingexamples. As such, other suitable data structures may be used.Furthermore, any suitable number of different privacy notices and legalnotices may be deployed in a given web page. For example, a web page mayinclude four or more different privacy notices and four or moredifferent legal notices that may be rendered by the web browserresponsive to the notification setting at the web browser. Furtherstill, any suitable number of different privacy notices and legalnotices may be generated from a given specification document via thelocalization tool, where these different privacy notices and legalnotices may be deployed in one or more web pages that may be retrievedby client users via their respective web pages.

It will be appreciated that the computing devices described herein(e.g., client system 110 and administrative system 160) may be anysuitable computing device configured to execute the programs describedherein. For example, the computing devices may be a mainframe computer,personal computer, laptop computer, portable data assistant (PDA),computer-enabled wireless telephone, networked computing device, orother suitable computing device, and may be connected to each other viacomputer networks, such as the Internet. These computing devicestypically include a processor and associated volatile and non-volatilememory, and are configured to execute programs stored in non-volatilememory using portions of volatile memory and the processor. It will beappreciated that computer-readable media may be provided having programinstructions stored thereon, which upon execution by a computing device,cause the computing device to execute the methods described above andcause operation of the systems described above. It should be understoodthat the embodiments herein are illustrative and not restrictive, sincethe scope of the invention is defined by the appended claims rather thanby the description preceding them, and all changes that fall withinmetes and bounds of the claims, or equivalence of such metes and boundsthereof are therefore intended to be embraced by the claims.

1. An administrative system for deploying privacy notices in web pages,the administrative system comprising: computer readable storage mediacomprising instructions executable by a processing subsystem to: promptan administrative user to submit specified content to a specificationtool; generate a specification document at the specification tool usingthe specified content; generate a collection of privacy notices at alocalization tool using the specification document in accordance with alocalization schema, the collection of privacy notices including a firstprivacy notice and a second privacy notice; present the collection ofprivacy notices to the administrative user for approval via anadministrative interface; prompt the administrative user to submit avalidation response upon presentation of the collection of privacynotices to the administrative user; receive the validation response atthe validation tool, the validation response specifying an approval or adenial of the collection of privacy notices; deploy the collection ofprivacy notices in a web page retrievable by a client user via a webbrowser only after the validation response specifying the approval hasbeen received at the validation tool and; where the web page includingthe collection of privacy notices causes the web browser to present oneof the first privacy notice or the second privacy notice to the clientuser via a graphical user interface of the web browser responsive to anotification setting specified at the web browser by the client user. 2.The administrative system of claim 1, where the first privacy noticecomprises: the second privacy notice and additional contentsupplementing the second privacy notice.
 3. The administrative system ofclaim 1, where the computer readable storage media further comprisesinstructions executable by the processing subsystem to: generate acollection of legal notices at the localization tool using thespecification document in accordance with the localization schema, thecollection of legal notices including a first legal notice comprising aservice agreement specifying terms of use and a second legal notice;present the collection of legal notices generated via the localizationtool to the administrative user for approval via the administrativeinterface, the validation response further specifying an approval or adenial of the collection of legal notices; and deploy the collection oflegal notices in the web page retrievable by the client user via a webbrowser only after the validation response specifying the approval hasbeen received at the validation tool.
 4. The administrative system ofclaim 1, where the computer readable storage media further comprisesinstructions executable by the processing subsystem to: prompt theadministrative user to submit the specified content by presenting awizard application to the administrative user via the administrativeinterface; and receive the specified content from the client user viathe wizard application.
 5. The administrative system of claim 1, wherethe first privacy notice includes different content than the secondprivacy notice.
 6. The administrative system of claim 1, where thelocalization schema maps assets and values of the specified content tothe collection of privacy notices and where the computer readablestorage media further comprises instructions executable by theprocessing subsystem to: receive a localization directive from theadministrative user at the localization tool; and vary the localizationschema according to the localization directive.
 7. The administrativesystem of claim 6, where the localization directive specifies a totalnumber of privacy notices included in the collection of privacy noticesgenerated at the localization tool.
 8. The administrative system ofclaim 6, where the localization directive specifies a type of privacynotice included in the collection of privacy notices generated by thelocalization tool.
 9. The administrative system of claim 8, where thefirst privacy notice includes one of a layered privacy statement, a P3Pprivacy statement, and a long form privacy statement; and where thesecond privacy notice includes another of the layered privacy statement,the P3P privacy statement, and the long form privacy statement.
 10. Theadministrative system of claim 1, where the second privacy noticeincludes a hyperlink specifying the first privacy notice as adestination anchor.
 11. An administrative system for generating privacynotices and legal notices deployable to a client user via a web page,the administrative system comprising: computer readable storage mediacomprising instructions executable by a processing subsystem to: promptthe administrative user via an administrative interface to submitspecified content to a specification tool; generate a specificationdocument at the specification tool using the specified content submittedby the administrative user; receive the specification document at alocalization tool; generate a collection of privacy notices and a legalnotice using the specification document at the localization tool inaccordance with a localization schema, the collection of privacy noticesincluding at least a first privacy notice and a second privacy notice,the first privacy notice including content that supplements the secondprivacy notice, and the legal notice comprising a service agreementspecifying terms of use including a privacy notice component; and deploythe first privacy notice and the second privacy notice together in afirst web page retrievable by the client user via the web browser, thefirst web page causing the web browser to present one or more of thefirst privacy notice and the second privacy notice to the client uservia a graphical user interface responsive to a notification settingspecified at the web browser by the client user.
 12. The administrativesystem of claim 11, further comprising, deploying the legal notice inthe first web page or in a second web page retrievable by the clientuser via the web browser.
 13. The administrative system of claim 11,where the collection of privacy notices further includes a third privacynotice; where the first privacy notice includes a long form privacystatement, the second privacy notice includes a layered privacystatement, and the third privacy notice includes a P3P privacystatement.
 14. The administrative system of claim 13, where the thirdprivacy notice includes a P3P compact privacy statement.